According to these screenshots, syslog is working just fine. You have 83 messages which were forwarded by the SyslogCollector to the SyslogAnalyzer, and should now be in the RME database. You should be able to run a syslog report, and see those messages.

Replies

These questions are quite generic, and will have different answers based on things like platform, and aspects of "syslog." It is true that no configuration is really required on the server to get syslog working (on either platform).

So, on what platform is LMS installed? Exactly what do you need to know about syslog (e.g. logging to a raw file, reporting, actions, etc.)? It sounds like you need to know about logging the messages to a raw file.

Then check the NMSROOT/log/syslog.log. All messages sent to the LMS server should appear there. Again, no configuration is required on the LMS server to make this happen. If you do not see messages there, then the messages must not be making it to the LMS server. Verify that UDP port 514 is open between the device and server.
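An added example, not part of the original replies and not Cisco code: because UDP gives the sender no delivery confirmation, the reliable check is to send a uniquely marked test message and then look for that marker in the raw log file. The message text, host name and command-line modes are constructed for illustration; the log path is passed in by the user.

```python
import socket
import sys
import time
import uuid
from pathlib import Path


def build_test_message(marker, facility=23, severity=6, host="testhost"):
    """Build a BSD-syslog style line: <PRI>timestamp host text (constructed sample)."""
    pri = facility * 8 + severity  # local7.info -> 190
    stamp = time.strftime("%b %d %H:%M:%S")
    return f"<{pri}>{stamp} {host} %TEST-6-REACH: marker {marker}".encode()


def send_test_message(server, marker, port=514):
    """Send one datagram. sendto() succeeding proves nothing about the path:
    a filtered or dropped UDP packet raises no error on the sender."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_test_message(marker), (server, port))


def marker_logged(log_path, marker, timeout=10.0, poll=0.5):
    """Poll the raw syslog file until the marker appears or the timeout expires."""
    deadline = time.monotonic() + timeout
    path = Path(log_path)
    while True:
        if path.exists() and marker in path.read_text(errors="replace"):
            return True
        if time.monotonic() >= deadline:
            return False
        time.sleep(poll)


if __name__ == "__main__":
    # On a host in the device's network:  script.py send <server>
    # On the server itself:               script.py check <log file> <marker>
    if sys.argv[1] == "send":
        marker = uuid.uuid4().hex
        send_test_message(sys.argv[2], marker)
        print("sent marker", marker)
    else:
        found = marker_logged(sys.argv[2], sys.argv[3])
        print("marker found" if found else "marker NOT found: check UDP 514 filtering")
```

Run the send step from a host on the same network path as the device, since filtering rules are often specific to the source address.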

1. If you have logging buffered enabled (and it is by default), then messages will be seen in the "show log" output on the device. The number of messages kept in this buffer depends on the size. Typically this is 4096 bytes, but it can be increased with the "logging buffered" config command.

2. No. LMS receives the syslog messages at the same time the logging buffer does. LMS will only look at the syslog messages it sees in the syslog message file on the LMS server (NMSROOT/log/syslog.log on Windows). When a message shows up there, it will be read by the SyslogCollector daemon. The SyslogCollector daemon will perform any required filtering on the message, then pass all unfiltered messages to the SyslogAnalyzer. The SyslogAnalyzer will run any configured Automated Actions, and insert the message into the RME database. Only then will you be able to run reports and see the message.
